outgoing interfaces setting possible.

git-svn-id: file:///svn/unbound/trunk@704 be551aaa-1e26-0410-a405-d3ace91eadb9

checkconf/unbound-checkconf.c

@@ -89,14 +89,21 @@ static void
 morechecks(struct config_file* cfg)
 {
 	int i;
+	struct sockaddr_storage a;
+	socklen_t alen;
 	for(i=0; i<cfg->num_ifs; i++) {
-		struct sockaddr_storage a;
-		socklen_t alen;
 		if(!ipstrtoaddr(cfg->ifs[i], UNBOUND_DNS_PORT, &a, &alen)) {
 			fatal_exit("cannot parse interface specified as '%s'",
 				cfg->ifs[i]);
 		}
 	}
+	for(i=0; i<cfg->num_out_ifs; i++) {
+		if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, 
+			&a, &alen)) {
+			fatal_exit("cannot parse outgoing-interface "
+				"specified as '%s'", cfg->out_ifs[i]);
+		}
+	}
 
 	if(cfg->verbosity < 0)
 		fatal_exit("verbosity value < 0");

daemon/unbound.c

@@ -81,7 +81,8 @@ checkrlimits(struct config_file* cfg)
 			(int)cfg->incoming_num_tcp:0));
 	size_t ifs = (size_t)(cfg->num_ifs==0?1:cfg->num_ifs);
 	size_t listen_num = list*ifs;
-	size_t outnum = cfg->outgoing_num_ports*ifs + cfg->outgoing_num_tcp;
+	size_t out_ifs = (size_t)(cfg->num_out_ifs==0?1:cfg->num_out_ifs);
+	size_t outnum = cfg->outgoing_num_ports*out_ifs + cfg->outgoing_num_tcp;
 	size_t misc = 4; /* logfile, pidfile, stdout... */
 	size_t perthread = listen_num + outnum + 2/*cmdpipe*/ + 2/*libevent*/
 		+ misc; 

daemon/worker.c

@@ -921,8 +921,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
 		cfg->outgoing_num_ports * worker->thread_num;
 	worker->back = outside_network_create(worker->base,
 		cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, 
-		cfg->ifs, cfg->num_ifs, cfg->do_ip4, cfg->do_ip6, startport, 
-		cfg->do_tcp?cfg->outgoing_num_tcp:0, 
+		cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, 
+		startport, cfg->do_tcp?cfg->outgoing_num_tcp:0, 
 		worker->daemon->env->infra_cache, worker->rndstate);
 	if(!worker->back) {
 		log_err("could not create outgoing sockets");
@@ -985,7 +985,8 @@ worker_delete(struct worker* worker)
 {
 	if(!worker) 
 		return;
-	mesh_stats(worker->env.mesh, "mesh has");
+	if(worker->env.mesh)
+		mesh_stats(worker->env.mesh, "mesh has");
 	server_stats_log(&worker->stats, worker->thread_num);
 	worker_mem_report(worker, NULL);
 	mesh_delete(worker->env.mesh);

doc/Changelog

@@ -7,6 +7,7 @@
 	- without lex no attempt to use it.
 	- unsecure response validation collated into one block.
 	- remove warning about const cast of cfgfile name.
+	- outgoing-interfaces can be different from service interfaces.
 	  
 18 October 2007: Wouter
 	- addresses are logged with errors.

doc/example.conf

@@ -28,6 +28,13 @@ server:
 	# port to answer queries from
 	# port: 53
 
+	# specify the interfaces to send outgoing queries to authoritative
+	# server from by ip-address. If none, the default (all) interface
+	# is used. Specify every interface on a 'outgoing-interface:' line.
+	# outgoing-interface: 192.0.2.153
+	# outgoing-interface: 2001:DB8::5
+	# outgoing-interface: 2001:DB8::6
+
 	# unbound needs to send packets to authoritative nameservers.
 	# it uses a range of ports for that.
 	# the start number of the port range

doc/unbound.conf.5

@@ -75,8 +75,20 @@ The number of threads to create to serve clients. Use 1 for no threading.
 .It \fBport:\fR <port number>
 The port number, default 53, on which the server responds to queries.
 .It \fBinterface:\fR <ip address>
-Interface to use to connect to the network. Can be given multiple times to
-work on several interfaces. If none are given the default (all) is used.
+Interface to use to connect to the network. This interface is listened to
+for queries from clients, and answers to clients are given from it.
+Can be given multiple times to work on several interfaces. If none are 
+given the default (all) is used.
+.It \fBoutgoing-interface:\fR <ip address>
+Interface to use to connect to the network. This interface is used to send
+queries to authoritative servers and receive their replies. Can be given 
+multiple times to work on several interfaces. If none are given the 
+default (all) is used. You can specify the same interfaces in 
+.Ic interface:
+and
+.Ic outgoing-interface:
+lines, the interfaces are then used for both purposes. Queries are sent
+via a random interface to counter spoofing.
 .It \fBoutgoing-port:\fR <port number>
 The starting port number where the outgoing query port range is allocated.
 Default is 1053.

services/outside_network.c

@@ -485,6 +485,11 @@ outside_network_create(struct comm_base *base, size_t bufsize,
 		outnet->num_udp6 = done_6;
 		outnet->num_udp4 = done_4;
 	}
+	if(outnet->num_udp4 + outnet->num_udp6 == 0) {
+		log_err("Could not open any ports on outgoing interfaces");
+		outside_network_delete(outnet);
+		return NULL;
+	}
 	return outnet;
 }
 

util/config_file.c

@@ -106,6 +106,8 @@ config_create()
 	cfg->do_daemonize = 1;
 	cfg->num_ifs = 0;
 	cfg->ifs = NULL;
+	cfg->num_out_ifs = 0;
+	cfg->out_ifs = NULL;
 	cfg->stubs = NULL;
 	cfg->forwards = NULL;
 	cfg->harden_short_bufsize = 0;
@@ -212,6 +214,12 @@ config_delete(struct config_file* cfg)
 			free(cfg->ifs[i]);
 		free(cfg->ifs);
 	}
+	if(cfg->out_ifs) {
+		int i;
+		for(i=0; i<cfg->num_out_ifs; i++)
+			free(cfg->out_ifs[i]);
+		free(cfg->out_ifs);
+	}
 	config_delstubs(cfg->stubs);
 	config_delstubs(cfg->forwards);
 	config_delstrlist(cfg->donotqueryaddrs);

util/config_file.h

@@ -106,6 +106,12 @@ struct config_file {
 	/** interface description strings (IP addresses) */
 	char **ifs;
 
+	/** number of outgoing interfaces to open. 
+	 * If 0 default all interfaces. */
+	int num_out_ifs;
+	/** outgoing interface description strings (IP addresses) */
+	char **out_ifs;
+
 	/** the stub definitions, linked list */
 	struct config_stub* stubs;
 	/** the forward zone definitions, linked list */

util/configlexer.lex

@@ -111,6 +111,7 @@ do-ip6{COLON}		{ YDOUT; return VAR_DO_IP6;}
 do-udp{COLON}		{ YDOUT; return VAR_DO_UDP;}
 do-tcp{COLON}		{ YDOUT; return VAR_DO_TCP;}
 interface{COLON}	{ YDOUT; return VAR_INTERFACE;}
+outgoing-interface{COLON}	{ YDOUT; return VAR_OUTGOING_INTERFACE;}
 chroot{COLON}		{ YDOUT; return VAR_CHROOT;}
 username{COLON}		{ YDOUT; return VAR_USERNAME;}
 directory{COLON}	{ YDOUT; return VAR_DIRECTORY;}

util/configparser.h

@@ -103,7 +103,8 @@
      VAR_KEY_CACHE_SLABS = 319,
      VAR_TRUSTED_KEYS_FILE = 320,
      VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 321,
-     VAR_USE_SYSLOG = 322
+     VAR_USE_SYSLOG = 322,
+     VAR_OUTGOING_INTERFACE = 323
    };
 #endif
 /* Tokens.  */
@@ -172,6 +173,7 @@
 #define VAR_TRUSTED_KEYS_FILE 320
 #define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 321
 #define VAR_USE_SYSLOG 322
+#define VAR_OUTGOING_INTERFACE 323
 
 
 
@@ -183,7 +185,7 @@ typedef union YYSTYPE
 	char*	str;
 }
 /* Line 1489 of yacc.c.  */
-#line 187 "util/configparser.h"
+#line 189 "util/configparser.h"
 	YYSTYPE;
 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1

util/configparser.y

@@ -84,7 +84,8 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_BOGUS_TTL VAR_VAL_CLEAN_ADDITIONAL VAR_VAL_PERMISSIVE_MODE
 %token VAR_INCOMING_NUM_TCP VAR_MSG_BUFFER_SIZE VAR_KEY_CACHE_SIZE
 %token VAR_KEY_CACHE_SLABS VAR_TRUSTED_KEYS_FILE 
-%token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG
+%token VAR_VAL_NSEC3_KEYSIZE_ITERATIONS VAR_USE_SYSLOG 
+%token VAR_OUTGOING_INTERFACE
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -120,7 +121,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_incoming_num_tcp | server_msg_buffer_size | 
 	server_key_cache_size | server_key_cache_slabs | 
 	server_trusted_keys_file | server_val_nsec3_keysize_iterations |
-	server_use_syslog
+	server_use_syslog | server_outgoing_interface
 	;
 stubstart: VAR_STUB_ZONE
 	{
@@ -194,6 +195,21 @@ server_interface: VAR_INTERFACE STRING
 			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
 	}
 	;
+server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING
+	{
+		OUTYY(("P(server_outgoing_interface:%s)\n", $2));
+		if(cfg_parser->cfg->num_out_ifs == 0)
+			cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*));
+		else 	cfg_parser->cfg->out_ifs = realloc(
+			cfg_parser->cfg->out_ifs, 
+			(cfg_parser->cfg->num_out_ifs+1)*sizeof(char*));
+		if(!cfg_parser->cfg->out_ifs)
+			yyerror("out of memory");
+		else
+			cfg_parser->cfg->out_ifs[
+				cfg_parser->cfg->num_out_ifs++] = $2;
+	}
+	;
 server_outgoing_port: VAR_OUTGOING_PORT STRING
 	{
 		OUTYY(("P(server_outgoing_port:%s)\n", $2));